• Status: Solved

Forcing users through Dansguardian and Squid Using IPTables

Hi, I need to send my clients through Dansguardian and Squid without any configuration on the client machines.

I haven't tested the following rules; I would like somebody to check over them beforehand and point out what can be improved and where.

Thanks in advance.


iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth1 -p tcp --dport 8080
iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --dport 80
iptables -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i eth0 -p tcp --sport 80
iptables -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o eth1 -p tcp --sport 80

Asked:
CNTPL89
 
LinuxNtwrkng commented:
It all looks good to me
 
CNTPL89 (author) commented:
I get an error on the second rule saying I can't use a -o on an input. I used -p instead; this doesn't work. Any ideas?
 
LinuxNtwrkng commented:
Right... sorry, I missed that. The "-o" on the second line should be "-i". You have the INPUT chain, as you should, but the "-o" specifies that traffic will be going out that interface. It will not; it will be coming in to it from your workstations.
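
A pre-flight check for the mistake this thread settles on (`-o` on an INPUT rule), as an added example that is not part of the original posts. It goes beyond the one rule discussed and covers the other built-in chains too: iptables does not accept `-o` on INPUT or PREROUTING, nor `-i` on OUTPUT or POSTROUTING. The function names (`check_rule`, `lint_rules`, `sample_rules`) and the message text are made up for illustration.

```shell
#!/bin/sh
# Added example (constructed): catch -i/-o flags that a chain cannot match
# before the rules are loaded on the gateway.

# check_rule RULE: print a finding and return 1 when the interface flag does
# not fit the chain. The body is a subshell so "set -f" stays local.
check_rule() (
  set -f                                  # word-split without globbing
  chain="" prev="" has_in=0 has_out=0
  for w in $1; do
    case "$prev" in -A|-I|--append|--insert) chain=$w ;; esac
    case "$w" in
      -i|--in-interface)  has_in=1 ;;
      -o|--out-interface) has_out=1 ;;
    esac
    prev=$w
  done
  case "$chain" in
    INPUT|PREROUTING)      # iptables accepts only -i on these chains
      [ "$has_out" -eq 0 ] || { echo "$chain cannot match -o, use -i"; exit 1; } ;;
    OUTPUT|POSTROUTING)    # iptables accepts only -o on these chains
      [ "$has_in" -eq 0 ] || { echo "$chain cannot match -i, use -o"; exit 1; } ;;
  esac
  exit 0                   # FORWARD and user chains may use either flag
)

# lint_rules: read one rule per line on stdin, report "rule N: finding".
lint_rules() {
  n=0 bad=0
  while IFS= read -r line; do
    n=$((n + 1))
    msg=$(check_rule "$line") || { echo "rule $n: $msg"; bad=$((bad + 1)); }
  done
  [ "$bad" -eq 0 ]
}

# First three rules exactly as posted in the question (rule 2 has the -o).
sample_rules() {
  cat <<'EOF'
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
iptables -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth1 -p tcp --dport 8080
iptables -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o eth0 -p tcp --dport 80
EOF
}

sample_rules | lint_rules || true   # prints: rule 2: INPUT cannot match -o, use -i
```

Feeding a rules file through `lint_rules` before running it gives a non-zero exit status when any rule would be rejected, which is useful when the gateway is configured over a remote session.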